Get Help Now

From the Cybersecurity News Desk

Drizly Exposes Millions, CEO Held Liable

A major breach in cybersecurity just came home to roost at Drizly’s CEO James Cory Rellas’s front doorstep.  For those unfamiliar, Drizly is the “Uber Eats” for all things alcohol.  According to the FTC, the company used “unfair and deceptive practices” to assure users of the security of the substantial amount of information they routinely gathered.  In July of 2020, personal information of 2.5 million users of the platform appeared on the dark web.

What are a few of the missteps by Drizly which exacerbated the breach?  According to the FTC, they include:

  • Failure to develop and implement adequate written security standards and train employees, including engineers, on complying with company policies.
  • Failure to securely store Amazon Web Services and database login credentials.
  • Failure to require unique, complex passwords that employees hadn’t used elsewhere and didn’t end access when an employee or contractor no longer had a legitimate need for sensitive information.
  • Failure to adequately monitor for unauthorized attempts to transfer consumer data outside its network.
  • The company didn’t appropriately test the security features of its products and apps and failed to conduct periodic vulnerability testing.

For any executive out there who might be under the impression that a breach like this won’t directly impact him, the FTC says to think otherwise.  They are holding Rellas personally liable in this case.  The FTC warns, “Don’t make the mistake of thinking that incorporating a business shields officers from liability in consumer protection actions, including data security cases. It’s a fact-based analysis, but in appropriate instances, the FTC may sue the corporation and corporate officers. And if the person under order has certain high-level responsibilities, compliance obligations may follow regardless of where he or she works in the future. The case against Rellas may be the latest FTC action alleging individual liability in a data security case, but it probably won’t be the last. The message for corporate executives is that the data security buck stops with you.”

See How We Can Help!

Fill out this form and we’ll be in touch shortly

    Number of Employees - select one:
    Industry - select one:

    Through our comprehensive approach to cybersecurity, we’ll help ensure your organization and its executives are protected  against evolving cyber threats.


    Be Proactive with Penetration Testing

    We can reveal if there are weaknesses in your systems.

    Achieve Readiness with Managed SOC

    Connect people, process & technology in one workflow.

    Cybersecurity Incidents Happen

    Plan, prevent, and mitigate with our incident response team.

    View expert analysis on the latest threats 

    Finding qualified security professionals can be difficult and costly.

    Ours are the best. Put them to work for you.

    Contact Us
    Privacy Settings
    We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
    Consent to display content from - Youtube
    Consent to display content from - Vimeo
    Google Maps
    Consent to display content from - Google
    Consent to display content from - Spotify
    Sound Cloud
    Consent to display content from - Sound
    Contact Us